Hello Michael,
thank you for your fast answer.
No, I think your patch is no solution for this situation.
I think the situation is more complex.
It depends from
- the time of the decision
- and the definition of the functionality
Definition of the functionality from the spec:
'TrustCDROM "false"; // consider the CDROM always trusted'
I think a possible interpretation of this spec could be:
The CD-ROM will be imported, when TrustCDROM is set to "true"
a) even when it is not signed at all.
b) or even when a verification with gpg has no success (i.e. wrong
gpg-file, not in the keyring,...)
The CD-ROM will not be imported, when TrustCDROM is set to "false",
a) when a CD-ROM is not signed
b) or when the signature is not OK.
The CD-ROM will be imported, when TrustCDROM is set to "false" and the
signature is OK. We do not TrustCDROM but the signature!
The trust decision is done here!
Therefore later no check for current TrustCDROM flag will be done in
apt-pkg/deb/debmetaindex.cc. The TrustCDROM part has to be deleted in
this file.
It has been a decision during the import a long time ago.
I think the spec should be changed:
New spec: 'TrustCDROM "true"; // consider the CD-ROM "forever" trusted
even when not signed'
The current implementation in 0.7.20.2+lenny1:
I accept always an unsigned CD-ROM (TrustCDROM has no effect), but when
a CD-ROM is signed, then I accept only a CD-ROM that I can verify.
I.E. if I can not import a signed CD-ROM I have to remaster the CD-ROM
and remove the .GPG-File. Then this new CD-ROM is a "trusted" CD-ROM,
too. This CD-ROM can be imported if TrustCDROM "DON'T CARE".
My "late decision patch" is a dirty solution.
Michael Vogt wrote:
> On Tue, Apr 20, 2010 at 07:15:39PM +0200, Andreas Miller wrote:
>> Package: apt
>> Version: 0.7.20.2+lenny1
>> Severity: normal
>
> Thanks for your bugreport.
>
>> Hello,
>>
>> when I set APT::Authentication::TrustCDROM "false"; I can import the original cdrom with apt-cdrom add.
>>
>> If I try to import a signed CD-ROM I get the following error:
>>
>> # apt-cdrom add
> [..]
>> If I import an unsigned CD-ROM it is always imported.
>> Why does apt-cdrom not prevent the import of an unsigned CD-ROMs?
>
> I'm not entirely sure if I understand the bugreport correctly. So
> please correct me if I got the report wrong :)
>
>>From how I read it you want that
> "APT::Authentication::TrustCDROM="true" allows apt-cdrom add to add a
> cdrom even if the signature can be not verified? If so, here is a diff:
>
> === modified file 'apt-pkg/indexcopy.cc'
> --- apt-pkg/indexcopy.cc 2010-01-08 21:28:49 +0000
> +++ apt-pkg/indexcopy.cc 2010-05-07 12:35:49 +0000
> @@ -591,7 +591,8 @@
> string prefix = *I;
>
> // a Release.gpg without a Release should never happen
> - if(!FileExists(*I+"Release"))
> + if(!FileExists(*I+"Release") ||
> + _config->FindB("APT::Authentication::TrustCDROM", false) == true)
> {
> delete MetaIndex;
> continue;
>
> I think it does make sense to allow this and is in line with what the
> switch is suppposed to do.
>
>
> Cheers,
> Michael
>
>
Best Regards
Andreas
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature